Return to auth-passwd.c CVS log

Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/auth-passwd.c, Revision 1.15

1.1       deraadt     1: /*
1.11      deraadt     2:  * Author: Tatu Ylonen <ylo@cs.hut.fi>
                      3:  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                      4:  *                    All rights reserved
                      5:  * Created: Sat Mar 18 05:11:38 1995 ylo
                      6:  * Password authentication.  This file contains the functions to check whether
                      7:  * the password is valid for the user.
                      8:  */
1.1       deraadt     9:
                     10: #include "includes.h"
1.15    ! markus     11: RCSID("$Id: auth-passwd.c,v 1.14 1999/12/29 12:47:46 markus Exp $");
1.1       deraadt    12:
                     13: #include "packet.h"
                     14: #include "ssh.h"
                     15: #include "servconf.h"
                     16: #include "xmalloc.h"
                     17:
1.11      deraadt    18: /*
                     19:  * Tries to authenticate the user using password.  Returns true if
                     20:  * authentication succeeds.
                     21:  */
1.15    ! markus     22: int
1.10      markus     23: auth_password(struct passwd * pw, const char *password)
1.1       deraadt    24: {
1.10      markus     25:        extern ServerOptions options;
                     26:        char *encrypted_password;
1.7       markus     27:
1.14      markus     28:        /* deny if no user. */
                     29:        if (pw == NULL)
                     30:                return 0;
1.12      markus     31:        if (pw->pw_uid == 0 && options.permit_root_login == 2)
1.10      markus     32:                return 0;
1.12      markus     33:        if (*password == '\0' && options.permit_empty_passwd == 0)
1.10      markus     34:                return 0;
1.1       deraadt    35:
1.6       markus     36: #ifdef SKEY
1.10      markus     37:        if (options.skey_authentication == 1) {
1.13      markus     38:                int ret = auth_skey_password(pw, password);
                     39:                if (ret == 1 || ret == 0)
                     40:                        return ret;
1.10      markus     41:                /* Fall back to ordinary passwd authentication. */
                     42:        }
1.6       markus     43: #endif
1.13      markus     44: #ifdef KRB4
                     45:        if (options.kerberos_authentication == 1) {
                     46:                int ret = auth_krb4_password(pw, password);
                     47:                if (ret == 1 || ret == 0)
                     48:                        return ret;
1.10      markus     49:                /* Fall back to ordinary passwd authentication. */
1.2       dugsong    50:        }
1.13      markus     51: #endif
1.10      markus     52:
                     53:        /* Check for users with no password. */
1.12      markus     54:        if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
1.10      markus     55:                return 1;
                     56:        /* Encrypt the candidate password using the proper salt. */
                     57:        encrypted_password = crypt(password,
1.11      deraadt    58:            (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx");
1.1       deraadt    59:
1.10      markus     60:        /* Authentication is accepted if the encrypted passwords are identical. */
                     61:        return (strcmp(encrypted_password, pw->pw_passwd) == 0);
1.1       deraadt    62: }